As reported 13 hours ago in WXXI News (
read the full DePaul explanation here), "a single employee's email account" was phished, hooked, and netted the hackers 41,000 emails. Since DePaul.org is NOT DMARC enforced/protected, it is most likely the phished thought he/she was getting a legitimate request from another DePaul employee. "…a person outside of the DePaul organization obtained the e-mail credentials of a staff member…" While it's not clear whether DMARC enforcement would have protected DePaul, it is clear that morons are the weak link in any system. And a spear phishing exploit aimed at a single employee can be very effective. Just ask the DNC.
Comments
Post a Comment
Leave your comment. The moderator will turn down no well-thought-out observations. We WILL turn down product plugs that are off target.